The Evolving IT Risk Landscape
The why and how of IT risk management today.
The way in which companies interact with their employees, customers and other organisations is changing at an unprecedented rate. Mobile computing and new technologies such as cloud computing and social media are breaking down the walls of the conventional office and demolishing the old IT risk paradigm.
For example, an organisation's hardware is now operated in low-cost countries, software is provided in the cloud and an organisation's data is held all around the world. Corporate data is transmitted over the internet, communicated and discussed on social media channels, and can travel around the globe instantly through a variety of channels and platforms, captured on employees' smartphones, tablet computers and personal computers. These high-tech devices, through which data now flows freely, were once the exclusive domain of the employers who provided them, but now they are mostly owned by employees. As a result, personal information and important and proprietary company data often reside on the same low-security devices.
Faced with these complex and ever-changing layers of risk in this new 'world without borders', IT risk programmes must expand and adapt to meet these challenges. IT risk has historically been dismissed as the sole responsibility of the IT department, and has not been considered a strategic business risk requiring an enterprise-wide focus. However, as the pervasive use of IT tools and technology continues to grow, impacting virtually every aspect of business function, it is becoming increasingly clear that managing IT risk is less about just IT, and more about managing risks for the whole business. Organisations must now include IT Risk Management (ITRM) within their overall enterprise-wide risk management approach.
Over the years, our annual Global Information Security surveys have revealed that board members and audit committees are increasingly interested in information security. Information security is one of the most important measures an organisation can take to potentially reduce IT risk. However, not all IT risks are covered by information security; there is a lot more to do.